Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12

Thread: Windows Password???

  1. #11
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default

    Quote Originally Posted by Dissident85 View Post
    Ok, so i have been able to successfully get the windows passwords on a machine that i have psychical access to, but i then tried to access the same machine remotely and tried to do the same thing, but i am having a bit of trouble.

    Code:
    bt ~ # mount -t cifs //10.0.0.6/c$ -o username=loic /mnt/remote_win
    Password:
    bt ~ # bkhive /mnt/remote_win/windows/system32/config/system syskey.txt
    bkhive 1.1.1 by Objectif Securite
    http://www.objectif-securite.ch
    original author: ncuomo@studenti.unina.it
    
    Error opening hive file /mnt/remote_win/windows/system32/config/system
    bt ~ #
    anyone know what could be going wrong here?
    If you read the guide it explains that Linux is case sensitive. You have to use WINDOWS not windows.
    I like the bleeding edge, but I don't like blood loss

  2. #12
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Default

    Quote Originally Posted by bofh28 View Post
    If you read the guide it explains that Linux is case sensitive. You have to use WINDOWS not windows.
    I don't that is the case here. I tried to take two different approaches, and i was unsuccessful both times.
    Code:
    bt ~ # bkhive /mnt/win/WINDOWS/system32/config/system syskey.txt
    bkhive 1.1.1 by Objectif Securite
    http://www.objectif-securite.ch
    original author: ncuomo@studenti.unina.it
    
    Error opening hive file /mnt/win/WINDOWS/system32/config/system
    bt ~ # cd /mnt/win/WINDOWS/system32/config/
    bt config # bkhive system /root/syskey.txt
    bkhive 1.1.1 by Objectif Securite
    http://www.objectif-securite.ch
    original author: ncuomo@studenti.unina.it
    
    Error opening hive file system
    bt config #
    EDIT: I had a thought, and perhaps someone could shed some light on this for me. Every attempt I have had in dumping the windows SAM file was when the computer was turned off, well not off. just that windows wasnt running… could the fact that windows is running be the cause on why I can’t access the file?

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •